1
2#include <linux/slab.h>
3#include <linux/file.h>
4#include <linux/fdtable.h>
5#include <linux/freezer.h>
6#include <linux/mm.h>
7#include <linux/stat.h>
8#include <linux/fcntl.h>
9#include <linux/swap.h>
10#include <linux/ctype.h>
11#include <linux/string.h>
12#include <linux/init.h>
13#include <linux/pagemap.h>
14#include <linux/perf_event.h>
15#include <linux/highmem.h>
16#include <linux/spinlock.h>
17#include <linux/key.h>
18#include <linux/personality.h>
19#include <linux/binfmts.h>
20#include <linux/coredump.h>
21#include <linux/sched/coredump.h>
22#include <linux/sched/signal.h>
23#include <linux/sched/task_stack.h>
24#include <linux/utsname.h>
25#include <linux/pid_namespace.h>
26#include <linux/module.h>
27#include <linux/namei.h>
28#include <linux/mount.h>
29#include <linux/security.h>
30#include <linux/syscalls.h>
31#include <linux/tsacct_kern.h>
32#include <linux/cn_proc.h>
33#include <linux/audit.h>
34#include <linux/tracehook.h>
35#include <linux/kmod.h>
36#include <linux/fsnotify.h>
37#include <linux/fs_struct.h>
38#include <linux/pipe_fs_i.h>
39#include <linux/oom.h>
40#include <linux/compat.h>
41#include <linux/fs.h>
42#include <linux/path.h>
43#include <linux/timekeeping.h>
44
45#include <linux/uaccess.h>
46#include <asm/mmu_context.h>
47#include <asm/tlb.h>
48#include <asm/exec.h>
49
50#include <trace/events/task.h>
51#include "internal.h"
52
53#include <trace/events/sched.h>
54
55int core_uses_pid;
56unsigned int core_pipe_limit;
57char core_pattern[CORENAME_MAX_SIZE] = "core";
58static int core_name_size = CORENAME_MAX_SIZE;
59
60struct core_name {
61 char *corename;
62 int used, size;
63};
64
65
66
67static int expand_corename(struct core_name *cn, int size)
68{
69 char *corename = krealloc(cn->corename, size, GFP_KERNEL);
70
71 if (!corename)
72 return -ENOMEM;
73
74 if (size > core_name_size)
75 core_name_size = size;
76
77 cn->size = ksize(corename);
78 cn->corename = corename;
79 return 0;
80}
81
82static __printf(2, 0) int cn_vprintf(struct core_name *cn, const char *fmt,
83 va_list arg)
84{
85 int free, need;
86 va_list arg_copy;
87
88again:
89 free = cn->size - cn->used;
90
91 va_copy(arg_copy, arg);
92 need = vsnprintf(cn->corename + cn->used, free, fmt, arg_copy);
93 va_end(arg_copy);
94
95 if (need < free) {
96 cn->used += need;
97 return 0;
98 }
99
100 if (!expand_corename(cn, cn->size + need - free + 1))
101 goto again;
102
103 return -ENOMEM;
104}
105
106static __printf(2, 3) int cn_printf(struct core_name *cn, const char *fmt, ...)
107{
108 va_list arg;
109 int ret;
110
111 va_start(arg, fmt);
112 ret = cn_vprintf(cn, fmt, arg);
113 va_end(arg);
114
115 return ret;
116}
117
118static __printf(2, 3)
119int cn_esc_printf(struct core_name *cn, const char *fmt, ...)
120{
121 int cur = cn->used;
122 va_list arg;
123 int ret;
124
125 va_start(arg, fmt);
126 ret = cn_vprintf(cn, fmt, arg);
127 va_end(arg);
128
129 if (ret == 0) {
130
131
132
133
134 if ((cn->used - cur == 1 && cn->corename[cur] == '.') ||
135 (cn->used - cur == 2 && cn->corename[cur] == '.'
136 && cn->corename[cur+1] == '.'))
137 cn->corename[cur] = '!';
138
139
140
141
142
143
144
145 if (cn->used == cur)
146 ret = cn_printf(cn, "!");
147 }
148
149 for (; cur < cn->used; ++cur) {
150 if (cn->corename[cur] == '/')
151 cn->corename[cur] = '!';
152 }
153 return ret;
154}
155
156static int cn_print_exe_file(struct core_name *cn, bool name_only)
157{
158 struct file *exe_file;
159 char *pathbuf, *path, *ptr;
160 int ret;
161
162 exe_file = get_mm_exe_file(current->mm);
163 if (!exe_file)
164 return cn_esc_printf(cn, "%s (path unknown)", current->comm);
165
166 pathbuf = kmalloc(PATH_MAX, GFP_KERNEL);
167 if (!pathbuf) {
168 ret = -ENOMEM;
169 goto put_exe_file;
170 }
171
172 path = file_path(exe_file, pathbuf, PATH_MAX);
173 if (IS_ERR(path)) {
174 ret = PTR_ERR(path);
175 goto free_buf;
176 }
177
178 if (name_only) {
179 ptr = strrchr(path, '/');
180 if (ptr)
181 path = ptr + 1;
182 }
183 ret = cn_esc_printf(cn, "%s", path);
184
185free_buf:
186 kfree(pathbuf);
187put_exe_file:
188 fput(exe_file);
189 return ret;
190}
191
192
193
194
195
196static int format_corename(struct core_name *cn, struct coredump_params *cprm,
197 size_t **argv, int *argc)
198{
199 const struct cred *cred = current_cred();
200 const char *pat_ptr = core_pattern;
201 int ispipe = (*pat_ptr == '|');
202 bool was_space = false;
203 int pid_in_pattern = 0;
204 int err = 0;
205
206 cn->used = 0;
207 cn->corename = NULL;
208 if (expand_corename(cn, core_name_size))
209 return -ENOMEM;
210 cn->corename[0] = '\0';
211
212 if (ispipe) {
213 int argvs = sizeof(core_pattern) / 2;
214 (*argv) = kmalloc_array(argvs, sizeof(**argv), GFP_KERNEL);
215 if (!(*argv))
216 return -ENOMEM;
217 (*argv)[(*argc)++] = 0;
218 ++pat_ptr;
219 if (!(*pat_ptr))
220 return -ENOMEM;
221 }
222
223
224
225 while (*pat_ptr) {
226
227
228
229
230 if (ispipe) {
231 if (isspace(*pat_ptr)) {
232 if (cn->used != 0)
233 was_space = true;
234 pat_ptr++;
235 continue;
236 } else if (was_space) {
237 was_space = false;
238 err = cn_printf(cn, "%c", '\0');
239 if (err)
240 return err;
241 (*argv)[(*argc)++] = cn->used;
242 }
243 }
244 if (*pat_ptr != '%') {
245 err = cn_printf(cn, "%c", *pat_ptr++);
246 } else {
247 switch (*++pat_ptr) {
248
249 case 0:
250 goto out;
251
252 case '%':
253 err = cn_printf(cn, "%c", '%');
254 break;
255
256 case 'p':
257 pid_in_pattern = 1;
258 err = cn_printf(cn, "%d",
259 task_tgid_vnr(current));
260 break;
261
262 case 'P':
263 err = cn_printf(cn, "%d",
264 task_tgid_nr(current));
265 break;
266 case 'i':
267 err = cn_printf(cn, "%d",
268 task_pid_vnr(current));
269 break;
270 case 'I':
271 err = cn_printf(cn, "%d",
272 task_pid_nr(current));
273 break;
274
275 case 'u':
276 err = cn_printf(cn, "%u",
277 from_kuid(&init_user_ns,
278 cred->uid));
279 break;
280
281 case 'g':
282 err = cn_printf(cn, "%u",
283 from_kgid(&init_user_ns,
284 cred->gid));
285 break;
286 case 'd':
287 err = cn_printf(cn, "%d",
288 __get_dumpable(cprm->mm_flags));
289 break;
290
291 case 's':
292 err = cn_printf(cn, "%d",
293 cprm->siginfo->si_signo);
294 break;
295
296 case 't': {
297 time64_t time;
298
299 time = ktime_get_real_seconds();
300 err = cn_printf(cn, "%lld", time);
301 break;
302 }
303
304 case 'h':
305 down_read(&uts_sem);
306 err = cn_esc_printf(cn, "%s",
307 utsname()->nodename);
308 up_read(&uts_sem);
309 break;
310
311 case 'e':
312 err = cn_esc_printf(cn, "%s", current->comm);
313 break;
314
315 case 'f':
316 err = cn_print_exe_file(cn, true);
317 break;
318 case 'E':
319 err = cn_print_exe_file(cn, false);
320 break;
321
322 case 'c':
323 err = cn_printf(cn, "%lu",
324 rlimit(RLIMIT_CORE));
325 break;
326 default:
327 break;
328 }
329 ++pat_ptr;
330 }
331
332 if (err)
333 return err;
334 }
335
336out:
337
338
339
340
341
342 if (!ispipe && !pid_in_pattern && core_uses_pid) {
343 err = cn_printf(cn, ".%d", task_tgid_vnr(current));
344 if (err)
345 return err;
346 }
347 return ispipe;
348}
349
350static int zap_process(struct task_struct *start, int exit_code, int flags)
351{
352 struct task_struct *t;
353 int nr = 0;
354
355
356 start->signal->flags = SIGNAL_GROUP_COREDUMP | flags;
357 start->signal->group_exit_code = exit_code;
358 start->signal->group_stop_count = 0;
359
360 for_each_thread(start, t) {
361 task_clear_jobctl_pending(t, JOBCTL_PENDING_MASK);
362 if (t != current && t->mm) {
363 sigaddset(&t->pending.signal, SIGKILL);
364 signal_wake_up(t, 1);
365 nr++;
366 }
367 }
368
369 return nr;
370}
371
372static int zap_threads(struct task_struct *tsk, struct mm_struct *mm,
373 struct core_state *core_state, int exit_code)
374{
375 struct task_struct *g, *p;
376 unsigned long flags;
377 int nr = -EAGAIN;
378
379 spin_lock_irq(&tsk->sighand->siglock);
380 if (!signal_group_exit(tsk->signal)) {
381 mm->core_state = core_state;
382 tsk->signal->group_exit_task = tsk;
383 nr = zap_process(tsk, exit_code, 0);
384 clear_tsk_thread_flag(tsk, TIF_SIGPENDING);
385 }
386 spin_unlock_irq(&tsk->sighand->siglock);
387 if (unlikely(nr < 0))
388 return nr;
389
390 tsk->flags |= PF_DUMPCORE;
391 if (atomic_read(&mm->mm_users) == nr + 1)
392 goto done;
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423 rcu_read_lock();
424 for_each_process(g) {
425 if (g == tsk->group_leader)
426 continue;
427 if (g->flags & PF_KTHREAD)
428 continue;
429
430 for_each_thread(g, p) {
431 if (unlikely(!p->mm))
432 continue;
433 if (unlikely(p->mm == mm)) {
434 lock_task_sighand(p, &flags);
435 nr += zap_process(p, exit_code,
436 SIGNAL_GROUP_EXIT);
437 unlock_task_sighand(p, &flags);
438 }
439 break;
440 }
441 }
442 rcu_read_unlock();
443done:
444 atomic_set(&core_state->nr_threads, nr);
445 return nr;
446}
447
448static int coredump_wait(int exit_code, struct core_state *core_state)
449{
450 struct task_struct *tsk = current;
451 struct mm_struct *mm = tsk->mm;
452 int core_waiters = -EBUSY;
453
454 init_completion(&core_state->startup);
455 core_state->dumper.task = tsk;
456 core_state->dumper.next = NULL;
457
458 if (mmap_write_lock_killable(mm))
459 return -EINTR;
460
461 if (!mm->core_state)
462 core_waiters = zap_threads(tsk, mm, core_state, exit_code);
463 mmap_write_unlock(mm);
464
465 if (core_waiters > 0) {
466 struct core_thread *ptr;
467
468 freezer_do_not_count();
469 wait_for_completion(&core_state->startup);
470 freezer_count();
471
472
473
474
475
476 ptr = core_state->dumper.next;
477 while (ptr != NULL) {
478 wait_task_inactive(ptr->task, 0);
479 ptr = ptr->next;
480 }
481 }
482
483 return core_waiters;
484}
485
486static void coredump_finish(struct mm_struct *mm, bool core_dumped)
487{
488 struct core_thread *curr, *next;
489 struct task_struct *task;
490
491 spin_lock_irq(¤t->sighand->siglock);
492 if (core_dumped && !__fatal_signal_pending(current))
493 current->signal->group_exit_code |= 0x80;
494 current->signal->group_exit_task = NULL;
495 current->signal->flags = SIGNAL_GROUP_EXIT;
496 spin_unlock_irq(¤t->sighand->siglock);
497
498 next = mm->core_state->dumper.next;
499 while ((curr = next) != NULL) {
500 next = curr->next;
501 task = curr->task;
502
503
504
505
506 smp_mb();
507 curr->task = NULL;
508 wake_up_process(task);
509 }
510
511 mm->core_state = NULL;
512}
513
514static bool dump_interrupted(void)
515{
516
517
518
519
520
521
522 return fatal_signal_pending(current) || freezing(current);
523}
524
525static void wait_for_dump_helpers(struct file *file)
526{
527 struct pipe_inode_info *pipe = file->private_data;
528
529 pipe_lock(pipe);
530 pipe->readers++;
531 pipe->writers--;
532 wake_up_interruptible_sync(&pipe->rd_wait);
533 kill_fasync(&pipe->fasync_readers, SIGIO, POLL_IN);
534 pipe_unlock(pipe);
535
536
537
538
539
540 wait_event_interruptible(pipe->rd_wait, pipe->readers == 1);
541
542 pipe_lock(pipe);
543 pipe->readers--;
544 pipe->writers++;
545 pipe_unlock(pipe);
546}
547
548
549
550
551
552
553
554
555
556
557
558
559static int umh_pipe_setup(struct subprocess_info *info, struct cred *new)
560{
561 struct file *files[2];
562 struct coredump_params *cp = (struct coredump_params *)info->data;
563 int err = create_pipe_files(files, 0);
564 if (err)
565 return err;
566
567 cp->file = files[1];
568
569 err = replace_fd(0, files[0], 0);
570 fput(files[0]);
571
572 current->signal->rlim[RLIMIT_CORE] = (struct rlimit){1, 1};
573
574 return err;
575}
576
577void do_coredump(const kernel_siginfo_t *siginfo)
578{
579 struct core_state core_state;
580 struct core_name cn;
581 struct mm_struct *mm = current->mm;
582 struct linux_binfmt * binfmt;
583 const struct cred *old_cred;
584 struct cred *cred;
585 int retval = 0;
586 int ispipe;
587 size_t *argv = NULL;
588 int argc = 0;
589
590 bool need_suid_safe = false;
591 bool core_dumped = false;
592 static atomic_t core_dump_count = ATOMIC_INIT(0);
593 struct coredump_params cprm = {
594 .siginfo = siginfo,
595 .regs = signal_pt_regs(),
596 .limit = rlimit(RLIMIT_CORE),
597
598
599
600
601
602 .mm_flags = mm->flags,
603 };
604
605 audit_core_dumps(siginfo->si_signo);
606
607 binfmt = mm->binfmt;
608 if (!binfmt || !binfmt->core_dump)
609 goto fail;
610 if (!__get_dumpable(cprm.mm_flags))
611 goto fail;
612
613 cred = prepare_creds();
614 if (!cred)
615 goto fail;
616
617
618
619
620
621
622 if (__get_dumpable(cprm.mm_flags) == SUID_DUMP_ROOT) {
623
624 cred->fsuid = GLOBAL_ROOT_UID;
625 need_suid_safe = true;
626 }
627
628 retval = coredump_wait(siginfo->si_signo, &core_state);
629 if (retval < 0)
630 goto fail_creds;
631
632 old_cred = override_creds(cred);
633
634 ispipe = format_corename(&cn, &cprm, &argv, &argc);
635
636 if (ispipe) {
637 int argi;
638 int dump_count;
639 char **helper_argv;
640 struct subprocess_info *sub_info;
641
642 if (ispipe < 0) {
643 printk(KERN_WARNING "format_corename failed\n");
644 printk(KERN_WARNING "Aborting core\n");
645 goto fail_unlock;
646 }
647
648 if (cprm.limit == 1) {
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664 printk(KERN_WARNING
665 "Process %d(%s) has RLIMIT_CORE set to 1\n",
666 task_tgid_vnr(current), current->comm);
667 printk(KERN_WARNING "Aborting core\n");
668 goto fail_unlock;
669 }
670 cprm.limit = RLIM_INFINITY;
671
672 dump_count = atomic_inc_return(&core_dump_count);
673 if (core_pipe_limit && (core_pipe_limit < dump_count)) {
674 printk(KERN_WARNING "Pid %d(%s) over core_pipe_limit\n",
675 task_tgid_vnr(current), current->comm);
676 printk(KERN_WARNING "Skipping core dump\n");
677 goto fail_dropcount;
678 }
679
680 helper_argv = kmalloc_array(argc + 1, sizeof(*helper_argv),
681 GFP_KERNEL);
682 if (!helper_argv) {
683 printk(KERN_WARNING "%s failed to allocate memory\n",
684 __func__);
685 goto fail_dropcount;
686 }
687 for (argi = 0; argi < argc; argi++)
688 helper_argv[argi] = cn.corename + argv[argi];
689 helper_argv[argi] = NULL;
690
691 retval = -ENOMEM;
692 sub_info = call_usermodehelper_setup(helper_argv[0],
693 helper_argv, NULL, GFP_KERNEL,
694 umh_pipe_setup, NULL, &cprm);
695 if (sub_info)
696 retval = call_usermodehelper_exec(sub_info,
697 UMH_WAIT_EXEC);
698
699 kfree(helper_argv);
700 if (retval) {
701 printk(KERN_INFO "Core dump to |%s pipe failed\n",
702 cn.corename);
703 goto close_fail;
704 }
705 } else {
706 struct user_namespace *mnt_userns;
707 struct inode *inode;
708 int open_flags = O_CREAT | O_RDWR | O_NOFOLLOW |
709 O_LARGEFILE | O_EXCL;
710
711 if (cprm.limit < binfmt->min_coredump)
712 goto fail_unlock;
713
714 if (need_suid_safe && cn.corename[0] != '/') {
715 printk(KERN_WARNING "Pid %d(%s) can only dump core "\
716 "to fully qualified path!\n",
717 task_tgid_vnr(current), current->comm);
718 printk(KERN_WARNING "Skipping core dump\n");
719 goto fail_unlock;
720 }
721
722
723
724
725
726
727 if (!need_suid_safe) {
728
729
730
731
732 do_unlinkat(AT_FDCWD, getname_kernel(cn.corename));
733 }
734
735
736
737
738
739
740
741
742
743 if (need_suid_safe) {
744
745
746
747
748
749
750
751
752
753 struct path root;
754
755 task_lock(&init_task);
756 get_fs_root(init_task.fs, &root);
757 task_unlock(&init_task);
758 cprm.file = file_open_root(&root, cn.corename,
759 open_flags, 0600);
760 path_put(&root);
761 } else {
762 cprm.file = filp_open(cn.corename, open_flags, 0600);
763 }
764 if (IS_ERR(cprm.file))
765 goto fail_unlock;
766
767 inode = file_inode(cprm.file);
768 if (inode->i_nlink > 1)
769 goto close_fail;
770 if (d_unhashed(cprm.file->f_path.dentry))
771 goto close_fail;
772
773
774
775
776 if (!S_ISREG(inode->i_mode))
777 goto close_fail;
778
779
780
781
782
783
784 mnt_userns = file_mnt_user_ns(cprm.file);
785 if (!uid_eq(i_uid_into_mnt(mnt_userns, inode),
786 current_fsuid())) {
787 pr_info_ratelimited("Core dump to %s aborted: cannot preserve file owner\n",
788 cn.corename);
789 goto close_fail;
790 }
791 if ((inode->i_mode & 0677) != 0600) {
792 pr_info_ratelimited("Core dump to %s aborted: cannot preserve file permissions\n",
793 cn.corename);
794 goto close_fail;
795 }
796 if (!(cprm.file->f_mode & FMODE_CAN_WRITE))
797 goto close_fail;
798 if (do_truncate(mnt_userns, cprm.file->f_path.dentry,
799 0, 0, cprm.file))
800 goto close_fail;
801 }
802
803
804
805 retval = unshare_files();
806 if (retval)
807 goto close_fail;
808 if (!dump_interrupted()) {
809
810
811
812
813 if (!cprm.file) {
814 pr_info("Core dump to |%s disabled\n", cn.corename);
815 goto close_fail;
816 }
817 file_start_write(cprm.file);
818 core_dumped = binfmt->core_dump(&cprm);
819
820
821
822
823
824
825 if (cprm.to_skip) {
826 cprm.to_skip--;
827 dump_emit(&cprm, "", 1);
828 }
829 file_end_write(cprm.file);
830 }
831 if (ispipe && core_pipe_limit)
832 wait_for_dump_helpers(cprm.file);
833close_fail:
834 if (cprm.file)
835 filp_close(cprm.file, NULL);
836fail_dropcount:
837 if (ispipe)
838 atomic_dec(&core_dump_count);
839fail_unlock:
840 kfree(argv);
841 kfree(cn.corename);
842 coredump_finish(mm, core_dumped);
843 revert_creds(old_cred);
844fail_creds:
845 put_cred(cred);
846fail:
847 return;
848}
849
850
851
852
853
854
855static int __dump_emit(struct coredump_params *cprm, const void *addr, int nr)
856{
857 struct file *file = cprm->file;
858 loff_t pos = file->f_pos;
859 ssize_t n;
860 if (cprm->written + nr > cprm->limit)
861 return 0;
862
863
864 if (dump_interrupted())
865 return 0;
866 n = __kernel_write(file, addr, nr, &pos);
867 if (n != nr)
868 return 0;
869 file->f_pos = pos;
870 cprm->written += n;
871 cprm->pos += n;
872
873 return 1;
874}
875
876static int __dump_skip(struct coredump_params *cprm, size_t nr)
877{
878 static char zeroes[PAGE_SIZE];
879 struct file *file = cprm->file;
880 if (file->f_op->llseek && file->f_op->llseek != no_llseek) {
881 if (dump_interrupted() ||
882 file->f_op->llseek(file, nr, SEEK_CUR) < 0)
883 return 0;
884 cprm->pos += nr;
885 return 1;
886 } else {
887 while (nr > PAGE_SIZE) {
888 if (!__dump_emit(cprm, zeroes, PAGE_SIZE))
889 return 0;
890 nr -= PAGE_SIZE;
891 }
892 return __dump_emit(cprm, zeroes, nr);
893 }
894}
895
896int dump_emit(struct coredump_params *cprm, const void *addr, int nr)
897{
898 if (cprm->to_skip) {
899 if (!__dump_skip(cprm, cprm->to_skip))
900 return 0;
901 cprm->to_skip = 0;
902 }
903 return __dump_emit(cprm, addr, nr);
904}
905EXPORT_SYMBOL(dump_emit);
906
907void dump_skip_to(struct coredump_params *cprm, unsigned long pos)
908{
909 cprm->to_skip = pos - cprm->pos;
910}
911EXPORT_SYMBOL(dump_skip_to);
912
913void dump_skip(struct coredump_params *cprm, size_t nr)
914{
915 cprm->to_skip += nr;
916}
917EXPORT_SYMBOL(dump_skip);
918
919#ifdef CONFIG_ELF_CORE
920int dump_user_range(struct coredump_params *cprm, unsigned long start,
921 unsigned long len)
922{
923 unsigned long addr;
924
925 for (addr = start; addr < start + len; addr += PAGE_SIZE) {
926 struct page *page;
927 int stop;
928
929
930
931
932
933
934
935
936 page = get_dump_page(addr);
937 if (page) {
938 void *kaddr = kmap_local_page(page);
939
940 stop = !dump_emit(cprm, kaddr, PAGE_SIZE);
941 kunmap_local(kaddr);
942 put_page(page);
943 if (stop)
944 return 0;
945 } else {
946 dump_skip(cprm, PAGE_SIZE);
947 }
948 }
949 return 1;
950}
951#endif
952
953int dump_align(struct coredump_params *cprm, int align)
954{
955 unsigned mod = (cprm->pos + cprm->to_skip) & (align - 1);
956 if (align & (align - 1))
957 return 0;
958 if (mod)
959 cprm->to_skip += align - mod;
960 return 1;
961}
962EXPORT_SYMBOL(dump_align);
963
964
965
966
967
968
969
970
971
972static bool always_dump_vma(struct vm_area_struct *vma)
973{
974
975 if (vma == get_gate_vma(vma->vm_mm))
976 return true;
977
978
979
980
981
982 if (vma->vm_ops && vma->vm_ops->name && vma->vm_ops->name(vma))
983 return true;
984
985
986
987
988
989 if (arch_vma_name(vma))
990 return true;
991
992 return false;
993}
994
995
996
997
998static unsigned long vma_dump_size(struct vm_area_struct *vma,
999 unsigned long mm_flags)
1000{
1001#define FILTER(type) (mm_flags & (1UL << MMF_DUMP_##type))
1002
1003
1004 if (always_dump_vma(vma))
1005 goto whole;
1006
1007 if (vma->vm_flags & VM_DONTDUMP)
1008 return 0;
1009
1010
1011 if (vma_is_dax(vma)) {
1012 if ((vma->vm_flags & VM_SHARED) && FILTER(DAX_SHARED))
1013 goto whole;
1014 if (!(vma->vm_flags & VM_SHARED) && FILTER(DAX_PRIVATE))
1015 goto whole;
1016 return 0;
1017 }
1018
1019
1020 if (is_vm_hugetlb_page(vma)) {
1021 if ((vma->vm_flags & VM_SHARED) && FILTER(HUGETLB_SHARED))
1022 goto whole;
1023 if (!(vma->vm_flags & VM_SHARED) && FILTER(HUGETLB_PRIVATE))
1024 goto whole;
1025 return 0;
1026 }
1027
1028
1029 if (vma->vm_flags & VM_IO)
1030 return 0;
1031
1032
1033 if (vma->vm_flags & VM_SHARED) {
1034 if (file_inode(vma->vm_file)->i_nlink == 0 ?
1035 FILTER(ANON_SHARED) : FILTER(MAPPED_SHARED))
1036 goto whole;
1037 return 0;
1038 }
1039
1040
1041 if ((!IS_ENABLED(CONFIG_MMU) || vma->anon_vma) && FILTER(ANON_PRIVATE))
1042 goto whole;
1043 if (vma->vm_file == NULL)
1044 return 0;
1045
1046 if (FILTER(MAPPED_PRIVATE))
1047 goto whole;
1048
1049
1050
1051
1052
1053 if (FILTER(ELF_HEADERS) &&
1054 vma->vm_pgoff == 0 && (vma->vm_flags & VM_READ) &&
1055 (READ_ONCE(file_inode(vma->vm_file)->i_mode) & 0111) != 0)
1056 return PAGE_SIZE;
1057
1058#undef FILTER
1059
1060 return 0;
1061
1062whole:
1063 return vma->vm_end - vma->vm_start;
1064}
1065
1066static struct vm_area_struct *first_vma(struct task_struct *tsk,
1067 struct vm_area_struct *gate_vma)
1068{
1069 struct vm_area_struct *ret = tsk->mm->mmap;
1070
1071 if (ret)
1072 return ret;
1073 return gate_vma;
1074}
1075
1076
1077
1078
1079
1080static struct vm_area_struct *next_vma(struct vm_area_struct *this_vma,
1081 struct vm_area_struct *gate_vma)
1082{
1083 struct vm_area_struct *ret;
1084
1085 ret = this_vma->vm_next;
1086 if (ret)
1087 return ret;
1088 if (this_vma == gate_vma)
1089 return NULL;
1090 return gate_vma;
1091}
1092
1093
1094
1095
1096
1097int dump_vma_snapshot(struct coredump_params *cprm, int *vma_count,
1098 struct core_vma_metadata **vma_meta,
1099 size_t *vma_data_size_ptr)
1100{
1101 struct vm_area_struct *vma, *gate_vma;
1102 struct mm_struct *mm = current->mm;
1103 int i;
1104 size_t vma_data_size = 0;
1105
1106
1107
1108
1109
1110
1111 if (mmap_write_lock_killable(mm))
1112 return -EINTR;
1113
1114 gate_vma = get_gate_vma(mm);
1115 *vma_count = mm->map_count + (gate_vma ? 1 : 0);
1116
1117 *vma_meta = kvmalloc_array(*vma_count, sizeof(**vma_meta), GFP_KERNEL);
1118 if (!*vma_meta) {
1119 mmap_write_unlock(mm);
1120 return -ENOMEM;
1121 }
1122
1123 for (i = 0, vma = first_vma(current, gate_vma); vma != NULL;
1124 vma = next_vma(vma, gate_vma), i++) {
1125 struct core_vma_metadata *m = (*vma_meta) + i;
1126
1127 m->start = vma->vm_start;
1128 m->end = vma->vm_end;
1129 m->flags = vma->vm_flags;
1130 m->dump_size = vma_dump_size(vma, cprm->mm_flags);
1131
1132 vma_data_size += m->dump_size;
1133 }
1134
1135 mmap_write_unlock(mm);
1136
1137 if (WARN_ON(i != *vma_count)) {
1138 kvfree(*vma_meta);
1139 return -EFAULT;
1140 }
1141
1142 *vma_data_size_ptr = vma_data_size;
1143 return 0;
1144}
1145